TL-MR6400 V5 - QMI is working but LAN and Wifi not connected to Internet

superfly71 · January 16, 2024, 7:34am

Hi,

I have installed OpenWrt v23.05.0 following the instructions here:
https://openwrt.org/toh/tp-link/tl-mr6400_v5

Configured the built-in LTE modem in /etc/config/network and it seems to be working:

root@OpenWrt:~# uqmi -d /dev/cdc-wdm0 --get-data-status
"connected"

But my LAN and Wifi are not connecting to the internet. I suspect it's an issue with the network configuration:

root@OpenWrt:~# cd /etc/config
root@OpenWrt:/etc/config# cat network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd0f:7855:1201::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'
        option type 'bridge'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '3 6t'

config interface 'Broadband'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option apn 'vibo'
        option auth 'none'
        option dhcp '0'
        option autoconnect '1'
        option pdptype 'ipv4v6'
        option default_profile '1'

Any help is appreciated

pavelgl · January 16, 2024, 8:03am

Did you add the newly created interface to the wan firewall zone?

eduperez · January 16, 2024, 8:54am

Can you reach internet from the router?

We need to see the "firewall" file, too.

You have a WAN interface (on an ethernet port) and a BROADBAND interface; will you use the ethernet port for internet?

superfly71 · January 17, 2024, 6:41am

@pavelgl @eduperez
Here is my firewall

config defaults
        option syn_flood        1
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT

@eduperez Yes the router can connect to the internet

root@OpenWrt:/# uqmi -d /dev/cdc-wdm0 --get-data-status
"connected"

root@OpenWrt:/# uqmi -d /dev/cdc-wdm0 --get-serving-system
{
        "registration": "registered",
        "plmn_description": "S`C\u001b\u0016k\t*e3\u001d",
        "plmn_mcc": 466,
        "plmn_mnc": 89,
        "mnc_length": 2,
        "roaming": false
}

root@OpenWrt:/etc/config# nslookup www.google.com ns1.google.com
Server:         ns1.google.com
Address:        [2001:4860:4802:32::a]:53

Name:   www.google.com
Address: 172.217.160.68

Name:   www.google.com
Address: 2404:6800:4012::2004

I don't have cable access only SIM card

pavelgl · January 17, 2024, 7:13am

Run these commands:

uci add_list firewall.@zone[1].network='Broadband'
uci commit firewall
/etc/init.d/firewall restart

Edit:

Please verify that name resolution works without specifying an upstream DNS server.

superfly71 · January 19, 2024, 10:03am

@pavelgl Thanks! My Wifi and LAN are now connected to the internet! However, the LED light on the router for the SIM card does not light up

@pavelgl

Edit:

Wait.... My Gmail and Google are working but not my Roku streaming TV box (Connected via Wifi)

Here is my new firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'Broadband'
        list network 'lan'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

Please verify that name resolution works without specifying an upstream DNS server

Yes it works

root@OpenWrt:~# nslookup www.google.com
Server:         127.0.0.1
Address:        127.0.0.1:53

Non-authoritative answer:
Name:   www.google.com
Address: 172.217.163.36

Non-authoritative answer:
Name:   www.google.com
Address: 2404:6800:4012:2::2004

frollic · January 19, 2024, 10:12am

openwrt can't always control all LEDs.
not saying it's the case here, but it could be.

superfly71 · January 21, 2024, 12:26pm

pavelgl's solution worked! Let me provide some additional key information:

After you create the wireless interface you'll have to set it's network to 'lan' so Wifi is in your lan

Wireless configuration:

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/10300000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Rebirth'
        option encryption 'psk2'
        option key '02340234'
        option network 'lan'

As for your firewall add the QMI interface to the 'wan' zone not the 'lan' zone
Firewall configuration:

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'Broadband'

config forwarding
        option src 'lan'
        option dest 'wan'

Now I'll have to fix the LED lights but that's another topic

system · January 31, 2024, 12:28pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.